VYPR
Unrated severityNVD Advisory· Published Dec 9, 2025· Updated Apr 15, 2026

CVE-2025-40328

CVE-2025-40328

Description

In the Linux kernel, the following vulnerability has been resolved:

smb: client: fix potential UAF in smb2_close_cached_fid()

find_or_create_cached_dir() could grab a new reference after kref_put() had seen the refcount drop to zero but before cfid_list_lock is acquired in smb2_close_cached_fid(), leading to use-after-free.

Switch to kref_put_lock() so cfid_release() is called with cfid_list_lock held, closing that gap.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

103

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.